1. Technical Field
The present invention relates generally to authenticating a user of a client machine running a native operating system against a user account held at a non-native server domain.
2. Description of the Related Art
The client-server model of computing is a well-known environment. In the model, the user of a computer utilizes a "client" system. The client system runs any of a number of computer operating systems to manage the basic functions that users execute (such as accessing files, executing programs, system administration and the) as well as to serve as the base against which programs are written. Well-known client operating systems include Microsoft Windows 3.1, Windows for Workgroups, Windows 95, IBM.RTM. OS/2.RTM. Warp, Apple Macintosh, DOS, many variations of UNIX, and Microsoft Windows NT. The client system serves as the user's workstation, and it may execute programs as well as store some user data.
The server system can also run any of a number of computer operating systems. Well-known server operating systems include Novell Netware, IBM OS/2 Warp Server, IBM AS/400.RTM., Microsoft Windows NT, and many variations of OSF UNIX. The server system is accessed by the client system for specific functions. The functions include, but are not limited to, storage and retrieval of data, storage and execution of applications, and storage of and access to user information.
Industry standards have been developed (for critical and common functions) to aid in the access from different types of client systems to different types of server systems. The use of these standards on the client and server afford users the opportunity to carry out functions in a consistent manner on a variety of common client and server operating systems. One of the activities that has been standardized is the "authentication" of users. Authentication refers to the process in which a user is validated as being able to complete a logon and/or access a system. Standard protocols have been defined within the X/Open Server Message Block (SMB) specification and the Open Systems Foundation (OSF) Distributed Computing Environment (DCE) specification.
While many products and operating systems have been developed that utilize the standard protocols, not all products have used the standards. When this occurs, either additional work must be done by the other operating system to implement the unique commands used by a vendor, or access to the other new system and/or product is not allowed if the unique commands are not made available to other vendors. When the commands and/or protocol are not made available, that aspect of the system and/or product is sometimes characterized as being "closed".
The Microsoft Windows NT operating system is becoming a dominant client system in many enterprise computer networks. Because of the "closed" nature of Windows NT, a user of a client machine running this operating system may only log on against an account held at the machine, at a server running the Windows NT operating system, or at any other servers that are "trusted" by the NT server that the client is configured against. Only these options are supplied to the user during the logon process, and there are presently no documented interfaces to allow user authentication from (a) other native server domains against which the client has not been previously configured, or (b) non-native server domains. Thus, the NT user account required for initial authentication may exist only on an NT client or in an original NT server domain. This closed architecture eliminates the ability to do full centralized administration from alternative sources, such as other NT domains or other non-native domains.
Therefore, there remains a need in the art to "open up" Windows NT clients to authentication from a wider set of choices and, as a corollary, a need to provide some mechanism to assist in discovering these choices.
The present invention addresses this problem.